That’s really a CircleCI issue mostly I think? Or are you suggesting we make some other type of credentials that can only publish snapshots?
I’d probably lightly discourage publishing untrusted snapshots. Also, what’s to stop the person bumping the version at the same time and publishing a release version?
That would require some kind of snapshot credential. And it would still fundamentally be leakable to third parties if it was exposed to untrusted PRs
I’m not sure if the security problems are resolvable, but feel free to open an issue to discuss it more. But be sure to address how you’d avoid third parties getting the snapshot credentials